Test ID:	1.3.6.1.4.1.25623.1.0.883198
Category:	CentOS Local Security Checks
Title:	CentOS: Security Advisory for qemu-guest-agent (CESA-2020:0775)
Summary:	The remote host is missing an update for the 'qemu-guest-agent'; package(s) announced via the CESA-2020:0775 advisory.
Description:	Summary: The remote host is missing an update for the 'qemu-guest-agent' package(s) announced via the CESA-2020:0775 advisory. Vulnerability Insight: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378) * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039) * QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'qemu-guest-agent' package(s) on CentOS 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-14378 Bugtraq: 20190825 [SECURITY] [DSA 4506-1] qemu security update (Google Search) https://seclists.org/bugtraq/2019/Aug/41 Bugtraq: 20190902 [SECURITY] [DSA 4512-1] qemu security update (Google Search) https://seclists.org/bugtraq/2019/Sep/3 Debian Security Information: DSA-4506 (Google Search) https://www.debian.org/security/2019/dsa-4506 Debian Security Information: DSA-4512 (Google Search) https://www.debian.org/security/2019/dsa-4512 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/ http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/ https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210 https://news.ycombinator.com/item?id=20799010 https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html http://www.openwall.com/lists/oss-security/2019/08/01/2 RedHat Security Advisories: RHSA-2019:3179 https://access.redhat.com/errata/RHSA-2019:3179 RedHat Security Advisories: RHSA-2019:3403 https://access.redhat.com/errata/RHSA-2019:3403 RedHat Security Advisories: RHSA-2019:3494 https://access.redhat.com/errata/RHSA-2019:3494 RedHat Security Advisories: RHSA-2019:3742 https://access.redhat.com/errata/RHSA-2019:3742 RedHat Security Advisories: RHSA-2019:3787 https://access.redhat.com/errata/RHSA-2019:3787 RedHat Security Advisories: RHSA-2019:3968 https://access.redhat.com/errata/RHSA-2019:3968 RedHat Security Advisories: RHSA-2019:4344 https://access.redhat.com/errata/RHSA-2019:4344 RedHat Security Advisories: RHSA-2020:0366 https://access.redhat.com/errata/RHSA-2020:0366 RedHat Security Advisories: RHSA-2020:0775 https://access.redhat.com/errata/RHSA-2020:0775 SuSE Security Announcement: openSUSE-SU-2019:2041 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html SuSE Security Announcement: openSUSE-SU-2019:2059 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html SuSE Security Announcement: openSUSE-SU-2019:2510 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html https://usn.ubuntu.com/4191-1/ https://usn.ubuntu.com/4191-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-15890 Bugtraq: 20200203 [SECURITY] [DSA 4616-1] qemu security update (Google Search) https://seclists.org/bugtraq/2020/Feb/0 Debian Security Information: DSA-4616 (Google Search) https://www.debian.org/security/2020/dsa-4616 https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943 Common Vulnerability Exposure (CVE) ID: CVE-2020-7039 https://security.gentoo.org/glsa/202005-02 https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289 https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80 https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9 https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html RedHat Security Advisories: RHSA-2020:0348 https://access.redhat.com/errata/RHSA-2020:0348 SuSE Security Announcement: openSUSE-SU-2020:0468 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html https://usn.ubuntu.com/4283-1/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.